Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Twig.js is a pure JavaScript implementation of the Twig PHP templating language (http://twig.sensiolabs.org/)
The goal is to provide a library that is compatible with both browsers and server side JavaScript environments such as node.js.
Twig.js is currently a work in progress and supports a limited subset of the Twig templating language (with more coming).
Documentation is available in the twig.js wiki on Github.
For a list of supported tags/filters/functions/tests see the Implementation Notes page on the wiki.
If you have a change you want to make to twig.js, feel free to fork this repository and submit a pull request on Github. The source files are located in src/*.js. twig.js is built by running make
For more details on getting setup, see the contributing page on the wiki.
Twig.js can be installed as a bower package with:
bower install twig.js
Include twig.js or twig.min.js in your page, then:
var template = twig({
data: 'The {{ baked_good }} is a lie.'
});
console.log(
template.render({baked_good: 'cupcake'})
);
// outputs: "The cupcake is a lie."
Twig.js can be installed with NPM
npm install twig
You can use twig in your app with
var Twig = require('twig'), // Twig module
twig = Twig.twig; // Render function
Twig is compatable with express 2 and 3. You can create an express app using the twig.js templating language by setting the view engine to twig.
Express 3
var Twig = require("twig"),
express = require('express'),
app = express();
// This section is optional and used to configure twig.
app.set("twig options", {
strict_variables: false
});
app.get('/', function(req, res){
res.render('index.twig', {
message : "Hello World"
});
});
app.listen(9999);
Message of the moment: <b>{{ message }}</b>
An Express 2 Example is available on the wiki.
The twig.js tests are written in Mocha and can be invoked with make test
.
Twig.js is available under a BSD 2-Clause License, see the LICENSE file for more information.
See the LICENSES.md file for copies of the referenced licenses.
The JavaScript Array fills in src/twig.fills.js are from https://developer.mozilla.org/ and are available under the MIT License or are public domain.
The Date.format function in src/twig.lib.js is from http://jpaq.org/ and used under a MIT license.
The sprintf implementation in src/twig.lib.js used for the format filter is from http://www.diveintojavascript.com/projects/javascript-sprintf and used under a BSD 3-Clause License.
The strip_tags implementation in src/twig.lib.js used for the striptags filter is from http://phpjs.org/functions/strip_tags and used under and MIT License.
FAQs
JS port of the Twig templating language.
We found that ks-twig demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.